Conducting a Risk Assessment under the German Money Laundering Act (GwG)
The German Money Laundering Act (Geldwäschegesetz – GwG) requires obliged entities to conduct regular risk assessments to identify, categorize, and weight risks related to money laundering and terrorist financing. This guide outlines the steps obliged entities need to follow.
Step 1: Collect Information
To begin the risk assessment, collect information based on the undertaking’s existing knowledge or on knowledge obtained subsequently.
- Gather information from various sources, including:
  - Suspected cases in which the undertaking has been involved in the past
  - Knowledge shared by anti-money laundering officers (AML officers) of other obliged entities
- Analyze this information to identify potential risks and areas of concern.
Step 2: Identify Risks
Using the collected information, identify potential risks that may be related to money laundering or terrorist financing. Categorize these risks into different risk groups and assess their significance using a weighting system.
- Use a weighting system to differentiate between high, medium, and low-risk scenarios
- Define absolute criteria that automatically affect customer classification or entail specific safeguards
Step 3: Assess Risks
Assess the identified risks against three risk levels (high, medium, low).
- Consider using additional risk levels/categories or reducing the number of levels/categories
- Use various assessment methods, such as weightings for different risk factors or fixed systems
Step 4: Implement Safeguards
Based on the results of the risk assessment, determine internal safeguards to mitigate identified risks.
- Ensure that individual prevention measures are consistent with the risk assessment
- Document and implement these safeguards to prevent money laundering and terrorist financing activities.
Step 5: Review and Update
Regularly review and update the risk assessment process to ensure that it remains effective in identifying and mitigating potential risks.
- Review and develop internal safeguards considering the outcome of the risk assessment
- Document and update the risk assessment regularly, at least once per year
- Provide the current version of the risk assessment to BaFin, internal auditors (where applicable), external auditors, and the competent member of management upon request.
Additional Resources
For further information on conducting a risk assessment under the German Money Laundering Act (GwG), refer to:
- Annex 1 & Annex 2 GwG: Factors indicating a potentially lower or higher risk
- BaFin Interpretation and Application Guidance on the German Money Laundering Act (Geldwäschegesetz – GwG)
- BMF First National Risk Assessment 2018/2019
- BMF Sector-specific Risk Assessment 2020